Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Jan 8, 2020. It is now read-only.

Fix escaped special chars in urlencoded parameters string incorrectly normalized #5771

Closed
Xerkus wants to merge 1 commit into from
Closed

Fix escaped special chars in urlencoded parameters string incorrectly normalized #5771

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions library/Zend/Uri/Uri.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1301,10 +1301,12 @@ protected static function normalizePath($path)
*/
protected static function normalizeQuery($query)
{
// those characters have special meaning in urlencoded parameters
$subDelims = str_replace(array('&', '=', '+', ';'), '', self::CHAR_SUB_DELIMS);
$query = self::encodeQueryFragment(
self::decodeUrlEncodedChars(
$query,
'/[' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . '%:@\/\?]/'
'/[' . self::CHAR_UNRESERVED . $subDelims . ':@\/\?]/'
)
);

Expand All @@ -1321,7 +1323,14 @@ protected static function normalizeQuery($query)
*/
protected static function normalizeFragment($fragment)
{
return static::normalizeQuery($fragment);
$fragment = self::encodeQueryFragment(
Copy link
Copy Markdown
Contributor

@samsonasik samsonasik Feb 1, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use static::encodeQueryFragment instead of self::

Copy link
Copy Markdown
Member Author

@Xerkus Xerkus Feb 1, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But should it be static? I do not see where that can change and might require override by subclassing

Copy link
Copy Markdown
Member

@Ocramius Ocramius Feb 1, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't really know that. I'd argue that the entire method should be private then instead.

Copy link
Copy Markdown
Contributor

@mwillbanks mwillbanks Mar 3, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Someone might do special processing; so it would make sense to keep it static for now.

Copy link
Copy Markdown
Member

@EvanDotPro EvanDotPro Mar 3, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not stating which way should be used, but thought it's worth mentioning that Uri::encodeQueryFragment() is called via both static and self currently...

Uri.php:385:            $uri .= "?" . static::encodeQueryFragment($this->query);
Uri.php:389:            $uri .= "#" . static::encodeQueryFragment($this->fragment);
Uri.php:1304:           $query = self::encodeQueryFragment(

Copy link
Copy Markdown
Member

@Ocramius Ocramius Mar 4, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going with self here, since this is the standardized way of dealing with an URI, and there's really no need for overriding logic here.

self::decodeUrlEncodedChars(
$fragment,
'/[' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . '%:@\/\?]/'
)
);

return $fragment;
}

/**
Expand Down
6 changes: 4 additions & 2 deletions tests/ZendTest/Uri/UriTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1246,9 +1246,9 @@ public function queryParamsArrayProvider()
'baz' => 'waka'
), 'foo=bar&baz=waka'),
array(array(
'some key' => 'some crazy value?!#[]',
'some key' => 'some crazy value?!#[]&=%+',
'1' => ''
), 'some%20key=some%20crazy%20value%3F%21%23%5B%5D&1='),
), 'some%20key=some%20crazy%20value%3F%21%23%5B%5D%26%3D%25%2B&1='),
array(array(
'array' => array('foo', 'bar', 'baz'),
'otherstuff[]' => 1234
Expand Down Expand Up @@ -1277,6 +1277,8 @@ public function normalizedUrlsProvider()
array('FOO:/bar/with space?que%3fry#frag%ment#', 'foo:/bar/with%20space?que?ry#frag%25ment%23'),
array('/path/%68%65%6c%6c%6f/world', '/path/hello/world'),
array('/foo/bar?url=http%3A%2F%2Fwww.example.com%2Fbaz', '/foo/bar?url=http://www.example.com/baz'),

array('/urlencoded/params?chars=' . urlencode('+&=;%20#'), '/urlencoded/params?chars=%2B%26%3D%3B%2520%23'),
array('File:///SitePages/fi%6ce%20has%20spaces', 'file:///SitePages/file%20has%20spaces'),
array('/foo/bar/../baz?do=action#showFragment', '/foo/baz?do=action#showFragment'),

Expand Down